Date of analysis: 21/07/2021

DMARC Adoption in Australia: 2021 Report

Australian businesses have lost $176.1 million to scams in 2020 alone, with 75% of these losses originating as a result of phishing attacks, which are now being deployed through fake emails. As we have been progressing into 2021, the amount of money lost from cybercrimes is only rising. Researchers have found that the financial damage from email-based attacks in Australia is predicted to grow by 46% over the next two years. Hence being prepared is not an option anymore, it is imperative!

Why Should Australia Consider Improving its DMARC Adoption Rate?

Assessing the Threat Landscape
BIMI Logo

To give a brief overview of what we are dealing with here, according to the Australian Competition and Consumer Commission’s Scamwatch, in 2020 alone businesses in Australia lost a whopping $176.1 million to cyber scams. It might come as a surprise, but the most reported type of scam was Phishing, with a steep rise in the frequency of attacks since 2019.  While Australians had reported 25,168 phishing attacks in 2019, the number of reported attacks rose to 44,084 in 2021 (up by 75%). From the findings of various surveys conducted in the past year, the most preferred delivery method for perpetuating the cyberattacks was email.

As of 2021, the huge rise in phishing schemes is a worrying trend that shows no signs of slowing. While any attack campaign can be used for any purpose, the low startup cost and high payout make it appealing to cybercriminals looking to make the most amount of money with the least amount of effort.

The above-mentioned statistics on the lack of email security in Australia raises some serious concerns:

  • What are the current situation of DMARC adoption and enforcement in organizations in Australia?

  • How can we improve the cybersecurity and email authentication infrastructure in Australia to mitigate impersonation attacks?

To gain better insight into the current scenario we analyzed 140 domains belonging to top businesses and organizations in Australia, from the following sectors:

The above-mentioned statistics on the lack of email security in Australia raises some serious concerns:

  • Energy
  • Education
  • Telecom
  • Healthcare
  • Transport
  • Banking and Finance
  • Media & Entertainment

Graphical Analysis: Among all 140 domains examined that belong to various organizations in Australia, 132 domains (78.6%) possessed SPF records, out of which 22 domains (15.7%) had SPF records with errors. Only 79 domains (54%) had DMARC records out of which 6 of the domains (4.28%) contained errors. 54 domains had their DMARC policy set at none (39%), enabling monitoring only, while 25 domains (18%) had their DMARC policy level set at enforcement (i.e. p=quarantine/reject).

Key Findings

  • 45% of the domains examined in the Energy Sector had no DMARC record 
  • 25% of the domains had invalid DMARC records
  • 30% of the domains had invalid SPF records

Key Findings

  • 70% of the domains examined in the Telecom Sector had no DMARC record 
  • 15% of the domains had invalid SPF records

Key Findings

  • 25% of the domains examined in the education sector had no DMARC record 
  • 10% of the domains had invalid SPF records 

Key Findings

  • 40% of the domains examined in the Healthcare Sector had no DMARC record 
  • 10% of the domains had invalid SPF record

Key Findings

  • 55% of the domains examined in the Transport Sector had no DMARC record 
  • 20% of the domains had invalid SPF records
  • 10% of the domains had no SPF record

Key Findings

  • 65% of the domains examined in the Media and Entertainment Sector had no DMARC record 
  • 20% of the domains had invalid SPF records 
  • 10% of the domains had no SPF record 

Key Findings

  • 5% of the domains in the Banking and Finance Sector had no DMARC record 
  • 5% of the domains had no valid SPF record 

Comparative Analysis of SPF Adoption among Different Sectors in Australia

The SPF adoption rate was found to be the lowest among companies in the energy sector in Australia, closely followed by media and entertainment, and telecom organizations. Australian banks were recorded to have the highest SPF adoption rate with 95% valid SPF records.

Comparative Analysis of DMARC Adoption among Different Sectors in Australia

Only 30% of domains in the energy sector in Australia have DMARC deployed with an enforced policy, only 5% in the telecom sector, 25% in the education sector, 10% in the Healthcare sector, 10% in the transport sector, 5% in media and 40% in the banking sector. This is a low percentage of overall DMARC enforcement among organizations in Australia.

Critical Errors Organizations in Australia are Making

On analyzing 140 Australian domains from various sectors and industries, it is evident that organizations in Australia are making some critical errors that can jeopardize their online reputation and the safety of their clients:

Steps to be Taken for Improving DMARC Australia 2021

How can PowerDMARC Help You in this Process?

To achieve a secure email ecosystem, DMARC/DKIM/SPF must be enabled in all gateways within the company. Everything within the company must use a single set of security standards to detect and prevent accidental and malicious email sending sources. PowerDMARC provides a full suite of email security services and hosted solutions that enable you to protect your brand reputation and customers against all sorts of email-borne threats.

Let’s join hands to increase the rate of  DMARC adoption and strengthen the email security infrastructure in businesses across Australia. Get in touch with us at [email protected] to find out how we can help protect your domain and business today!